Network Security
CHRISTOPHER D. CONEWAY
under the direction of Dr. Foorood Amirmadhi
for the CASS/CREST STARS Program
Tennessee State University
Agenda
Objective
Basic Network Components
The Lab Systems
Securing the Network
Current Work
Conclusion
Objective
Our objective is to better understand network security issues and the means of protecting the network.
Our goals are as follows:
Network Layer
Host Layer
Application Layer
OSI Model
Control, Data, Protocol, Destination, Source
A Conceptual Packet Structure
Basic Network Components
Router
Switch
Hub
PCs
Firewall
The Lab Systems
Hardware components: Switch, Hub, PCs
Operating Systems:
Unix: Sun OS 5.5
Linux: Red Hat 9.0, SuSE 8.2
Windows: 2000, 2000 Server, NT 4.0
Network Diagram
[Figure: lab network diagram. Labels shown: Internet; Router; NAT (Network Address Translator); Firewall; Firewall NG; Hub; Switch; Network 1 (private Class-C address); Network 2 (private Class-C address). Hosts: W2K-WS1/REDHAT, W2K/REDHAT (two), W2K server, SUSE/W2K, W2K/SUSE, SUSE, Linux, UNIX BOX.]
Firewall
Firewall – Hardware or software that examines and controls the traffic between two or more networks (i.e., internal and Internet)
Firewall policies are a collection of rules:
[Figure: Policies-Firewall; label shown: internet]
Securing the Network: Security Tools
Port Scanner (Protocol holes)
Security Analyzer (Application holes)
Network Analyzer/Sniffer (Decoding)
Security Analyzer Report Sample
Port Analysis Section
Current Works
Secure Mail
Microsoft Active Directory
VPN (Virtual Private Network)
Unix systems
Secure Mail
Virus protection - Server based virus protection using your existing antivirus software.
Spam filtering - Checks to see if the computer which sent a message is blacklisted on the major RBL lists. Quarantines or deletes any such messages.
Content filtering - Checks for unacceptable language.
Attachment filtering - Part of the content filtering. Removes unwanted types of file attachment before they reach the end user.
IMAP (Internet Message Access Protocol) support - Store all message folders centrally, allowing side by side access from a mail client or web-mail.
Web-based mail client - Provide users with web-based access to their e-mail.
Web-based administration - Remotely administer mail using a web browser.
HTTPS - An extension to the HTTP protocol to support sending data securely over the web.
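The RBL check in the spam filtering item above, as an added example that is not part of the original presentation. It follows the standard DNSBL convention (reversed IPv4 octets queried under the list's zone, answers in 127.0.0.0/8 meaning "listed"); the zone names, function names and the quarantine/delete threshold are assumptions made for illustration.

```python
import ipaddress
import socket

# Hypothetical zone names; substitute the RBLs your mail server is configured with.
RBL_ZONES = ["rbl-a.example", "rbl-b.example"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here

def rbl_query_name(sender_ip, zone):
    """IPv4 sender 192.0.2.10 in zone Z is looked up as 10.2.0.192.Z."""
    ip = ipaddress.IPv4Address(sender_ip)  # raises on malformed or non-IPv4 input
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def dns_resolver(name):
    """Live lookup: A records for name; [] on NXDOMAIN or lookup failure (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def listed_in(sender_ip, zones=RBL_ZONES, resolver=dns_resolver):
    """Return the zones that list sender_ip."""
    hits = []
    for zone in zones:
        answers = resolver(rbl_query_name(sender_ip, zone))
        # Only 127.0.0.0/8 answers count; anything else is a hijacked or
        # wildcard response and must not be treated as a listing.
        if any(ipaddress.ip_address(a) in LISTED_NET for a in answers):
            hits.append(zone)
    return hits

def disposition(sender_ip, resolver=dns_resolver, delete_at=2):
    """Assumed policy: one listing quarantines, delete_at or more deletes."""
    hits = len(listed_in(sender_ip, resolver=resolver))
    if hits == 0:
        return "deliver"
    return "delete" if hits >= delete_at else "quarantine"

# Constructed answers standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "10.2.0.192.rbl-a.example": ["127.0.0.2"],
    "7.100.51.198.rbl-a.example": ["127.0.0.2"],
    "7.100.51.198.rbl-b.example": ["127.0.0.4"],
    "5.113.0.203.rbl-a.example": ["203.0.113.99"],  # wildcard answer, not a listing
}

def sample_resolver(name):
    """Offline stand-in for dns_resolver, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(name, [])
```

Calling `disposition(ip, resolver=sample_resolver)` exercises the logic against the constructed answers; leaving `resolver` at its default performs real DNS queries against whatever zones are configured.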
Secure Mail Diagram
[Figure labels: Mail Server; Client Computers]
Active Directory
Microsoft Active Directory
Domain Name Service
User and Group account management
Organizational units and resources management
Active Directory Diagram
VPN (Virtual Private Network)
Checkpoint VPN (CP2000, CPNG)
Data integrity and confidentiality are protected through authentication and encryption
Data can be securely transmitted between two locations across the Internet or be encrypted between a server and a client within a Local Area Network
VPN Diagram
VPN Client Connected to Private COE-Lab Network
Unix Systems
Internet services (web, mail, proxy, etc.)
Red Hat & SuSE, Sun system platforms
Conclusions
Security in All Layers Required
Be Up-to-date in New Security Issues
Consistency in the process of securing systems
Questions